<?php

	require_once 'config.inc';
	require_once '_common.inc';
	require_once '_merchant.inc';
	require_once '_db.inc';
	require_once '_ui.inc';

	

/*********************************************************
set the correct time zone to eliminate warnings in debug
date_default_timezone_set('America/New_York');

$script_tz = date_default_timezone_get();

if (strcmp($script_tz, ini_get('date.timezone'))){
    echo 'Script timezone differs from ini-set timezone.';
}
*********************************************************/


	$mo_info = $_POST["selectedmo"];

	$mo_info_arr1 = explode("+",$mo_info);
	$mo_info_arr2 = explode(":",$mo_info_arr1[0]); 

	$mo['uniquestring'] = $mo_info_arr2[0];
	$mo['amount'] = $mo_info_arr2[1];
	$banksign = $mo_info_arr1[1];
?>
<HTML>

<HEAD>
	<title>Validate Money Order Signature</title>
</HEAD>
<BODY>
<?php
ui_print_header('Merchant - Validate Money Order Signature');

	echo "Receiving hashes from customer's db...<BR><BR>";
	
/*********************************************************
connect to db
*********************************************************/
$customer_conn = db_connect(MERCHANT_DB_USER, MERCHANT_DB_PASSWORD);

/*********************************************************
get available mo batches
*********************************************************/


$sql = "select idstring_n as n, l_id_string as l, r_id_string as r from mo_idstrings_committed where
		uniqueness_string = '" . $mo['uniquestring'] . "' order by n";

$q_results = db_do_query($customer_conn, $sql);


/*********************************************************
close db connection
*********************************************************/
oci_close($customer_conn);	

$i = 0;
foreach($q_results as $qr) {
	$id_hash[$i][0] = $qr[L];
	$id_hash[$i][1] = $qr[R];
	$i++;
	}
	
	$mo['id_hash'] = $id_hash;
	
		// Valid signature, then put into DB
	$mo_string = mo_obj_to_string($mo);
	
		
	if(is_valid_signature($mo_string, $banksign)){
		echo "The signature appears to be valid.<BR><BR>";
	}else{
		echo "<BR><BR><b><i>ERROR: Invalid Signature!!<BR><BR></b></i>";
		
	//Deleting money order
	
	echo "Deleting invalid money order from merchant's database...<BR><BR>";
	
	$conn = db_connect(MERCHANT_DB_USER, MERCHANT_DB_PASSWORD);

	$sql = "delete from mo_idstrings_committed_m where uniqueness_string = '" . $mo['uniquestring'] . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	
	$sql = "delete from mo_idstrings_merchant where uniqueness_string = '" . $mo['uniquestring'] . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	$sql = "delete from mo_detail_merchant where uniqueness_string = '" . $mo['uniquestring'] . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	oci_close($conn);
	
	echo "Exiting...<BR>";
	
	die;

	}
	
	$n = sizeof($mo['id_hash']);
	
	$ss = selectorstr_gen($n);
	
	echo "The merchant has generated the following selector string:<BR><BR>";
	echo implode($ss) . "<BR><BR>";
	
	/*********************************************************
connect to db
*********************************************************/
$conn = db_connect(MERCHANT_DB_USER, MERCHANT_DB_PASSWORD);

echo "Saving hashes to merchant's database...<BR><BR>";

/*********************************************************
Save to DB
*********************************************************/


$sql = "insert into mo_detail_merchant(uniqueness_string, val, bank_sig, selector_string, deposited, version)
	values('" . $mo['uniquestring'] . "', " . $mo['amount'] . ", '" . $banksign . "', '" . implode($ss) . "', 0, 1)";

$stmt = oci_parse($conn, $sql);
oci_execute($stmt);


for($i = 0; $i < sizeof($mo['id_hash']); $i++){

	$sql = "insert into mo_idstrings_committed_m(uniqueness_string, idstring_n, l_id_string, r_id_string)
		values('" . $mo['uniquestring'] . "', " . $i . ", '" . $mo['id_hash'][$i][0] . "', '" . $mo['id_hash'][$i][1] ."')";
	
$stmt = oci_parse($conn, $sql);
oci_execute($stmt);

}



/*********************************************************
close db connection
*********************************************************/
oci_close($conn);	
	
	?>
		<FORM action="./4R_3_CustomerOpenIDStrings.php" method="post">
		<?php  echo '<input type="hidden" name="usss" size="10" value="' . $mo['uniquestring'] . ":" . implode($ss) . '"/>';?>
		<input type="submit" value="Send Selector String to Customer" />
 </FORM>
 </PRE>
 <?php ui_print_footer(date('Y-m-d H:i:s')); ?>
</BODY>
</HTML>	
	
